I think the last thing you say is exactly what is happening to me. I
think the user is updating the password, but a slight delay in my LDAP
replication is causing them to try the new password before it is
actually the new password.
Yes, I was referring to auth_cache_negative_ttl=0. I didn't realize
that was user not found only. Is there any way to force the cache to
check the password for anything that was not previously cached as
being the correct password?
Dave

Quoting Timo Sirainen <tss@iki.fi>:

> On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote:
> > Well, most of my issues are gone with adding auth cache. However, I am having an issue. Sometimes, even though cache incorrect passwords is disabled,
>
> Do you mean auth_cache_negative_ttl=0 by this? It only affects "user not found" caching.
>
> > new passwords do not work. It would seem that once a user logs in with one password successfully the cache does not automatically retry if the user tries a different password. I would think that the auth cache should check to see if the password changed on the ldap server if something other than the cached password is entered.
> > Is this something wrong with my configuration, or the auth code itself?
>
> The way it should work is that:
> - User logs in with password X which succeeds.
> - Password is changed to Y.
> - User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup, sees that the password was changed and caches it.
>
> But this can also happen:
> - User logs in with password X which succeeds.
> - Password is changed to Y.
> - User logs in with password X, which succeeds.
>
> Or:
> - User logs in with password X which succeeds.
> - User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup and sees that the password wasn't changed.
> - Password is changed to Y.
> - User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth failed, so it doesn't bother doing another lookup.
>
> Can you consistently make Dovecot behave differently as described above?
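
The three login sequences from the quoted reply above, replayed against a small model of the cache decisions it describes. This is an added example, not part of the original thread and not Dovecot's source code; `Backend`, `AuthCache` and `run` are hypothetical names, and cache TTL expiry is left out as a simplifying assumption.

```python
class Backend:
    """Stands in for the LDAP passdb; counts how often it is consulted."""
    def __init__(self, password):
        self.password = password
        self.lookups = 0

    def verify(self, password):
        self.lookups += 1
        return password == self.password


class AuthCache:
    """Toy model of the cache decisions described in the thread (no TTL)."""
    def __init__(self, backend):
        self.backend = backend
        self.cached_password = None   # last password the backend confirmed
        self.last_ok = False          # outcome of the previous attempt

    def login(self, password):
        if self.cached_password is not None:
            if password == self.cached_password:
                self.last_ok = True
                return True           # cache hit: backend is not asked
            if not self.last_ok:
                return False          # mismatch after a failure: no new lookup
        # No entry yet, or mismatch right after a success: ask the backend.
        ok = self.backend.verify(password)
        if ok:
            self.cached_password = password
        self.last_ok = ok
        return ok


def run(initial, steps):
    """steps: ("login", pw) or ("change", pw). Returns (results, lookups)."""
    backend = Backend(initial)
    cache = AuthCache(backend)
    results = []
    for action, pw in steps:
        if action == "change":
            backend.password = pw
        else:
            results.append(cache.login(pw))
    return results, backend.lookups


if __name__ == "__main__":
    print(run("X", [("login", "X"), ("change", "Y"), ("login", "Y")]))
    print(run("X", [("login", "X"), ("change", "Y"), ("login", "X")]))
    print(run("X", [("login", "X"), ("login", "Y"), ("change", "Y"), ("login", "Y")]))
```

In the third sequence the final login with Y is rejected without a backend lookup, which is the same outcome a lagging LDAP replica produces when the new password is tried before replication completes.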